To perform port redirection on your Primo server, you can choose from the following methods:
- A web server can either be a proxy or rewrite the URL.
- A network-based or host-based firewall can perform Port Address Translations (PAT) and Network Address Port Translations (NAPT).
- A network-based load balancer can perform PAT and NAPT.
Given the large variety of environments, there is no single solution that will work in all cases. A solution should be selected based on current and future need, along with available resources and technical skill. The ability of the vendors to assist with both initial setup and ongoing issues should also be considered.
To redirect ports, Ex Libris recommends the use of IP tables, which is a host-based firewall found on most modern Linux systems. It is often already being used, is well understood, and performs well. An example implementation can be found below.
Because port redirection is provided by load balancers and firewalls, Ex Libris does not provide support for the methods described in this section.
A request needs to be uniquely identifiable in order for it to be redirected correctly. In a default configuration, using a different port is sufficient. However, there can be a problem if two services (such as the Primo FE and PDS) run on the same server and need to be accessed from the same port (such as port 80). In this case, the only uniquely identifiable element is the URL. To use the URL, the solution must be Layer 7 aware – that is understands HTTP/HTTPS. This can both limit possible solutions and increase complexity.
One alternative is to setup PDS to use SSL-encrypted sessions to move the default PDS port to 1443 and the redirect port to 443. Since the services no longer need the same port, there is no longer a conflict.
Another alternative is to use distinctive IP addresses and/or DNS names to change the destination port based on the destination IP address and DNS name. For example, assume that the Primo FE and PDS both run on server1, which has IP address = 10.20.30.40 and DNS server1=10.20.30.40. If IP address 10.20.30.41 and DNS server1-pds = 10.20.30.41 are added to server1 to change the access for Primo and PDS to server1-pds, port redirection would be set up as follows:
- server1:80 redirects to server1:1701
- server1-pds:80 redirects to server1-pds:8991